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^ (57) Abstract: Employee Internet usage is monitored to identify the web sites employees visit and the amount of time employees 
^ spend at each site. The monitoring system (10) utilizes a client-based module (26) that monitors Internet access and operates in 
2 conjunction with an enforcement supervisor module (32) located on a remote web server (30). The client-based module (26) performs 
all of the monitoring and logging activity. A log containing the web page title, location (URL) and time spent is stored by the 
Q client-based monitoring module (26) in memory (48) on the client computer (12). The web page title and URL are obtained from 
^ system notifications firom the browser (36) to the client component. The client computer (12) uploads the log containing the web 
^ page information to the web-based supervisor module (32). 
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Description 

SYSTEM AND METHOD FOR TRACKING TIME SPENT AND 
DESTINATIONS OF CLIENT COMPUTERS CONNECTED 
TO THE INTERNET 

5 Technical Field 

The present invention relates generally to 
information processing, and in particular to systems and 
methods for monitoring access and usage of individual 
computer systems and local area networks connected to 

10 larger open networks (wide area networks) , including the 
Internet • 
Background Art 

The explosive 'growth of the Internet, 
particularly the World Wide Web, has had a dramatic effect 

15 on the way many corporations and other organizations do 
business. The Internet brings a world of information to 
the fingertips of employees. 

However, some of what the Web introduces into 
the workplace can be non-productive and damaging to a 

20 business. Employees who waste company time or resources 
on non-work-related activities can become a drain on the 
company. If Internet bandwidth is used for downloading 
pornography or making personal travel reservations, it 
could mean slower access for employees doing work. Fellow 

25 employees could be exposed to inappropriate material that 
could ultimately lead to a sexual harassment lawsuit. 
Just as it is inappropriate to pass around certain 
materials at work, it is inappropriate for employees to be 
viewing certain material on company computers, especially 

30 if other employees may be unwittingly exposed to that 
material . 

As a result, corporate information system 
departments face new challenges. Companies are 

increasingly looking for the best way to manage Internet 
35 access, and keep objectionable online material out of the 
workplace. One hundred twenty-two million employees are 
expected to access the Internet, and 660,000 companies are 



wo 02/01381 



PCTAJSOl/19642 



-2- 

expected to implement Internet productivity systems in the 
year 2000. 

One extreme solution is to build a company- wide 
intranet. However, the company's knowledge-base may not 
5 include the information an employee needs. Also, as the 
use of E-mail becomes more accepted and the Internet 
continues to grow, cutting employees off from the Web does 
not make good business sense. 

The software industry has introduced a number of 
10 products and technologies that are designed primarily to 
monitor and track the web sites visited by users. Most, 
if not all of these products are based on filtering 
software . 

Filtering software is designed to help companies 

15 control recreational and personal Internet use. , The 
software monitors employee use of the Net and, depending 
on how it is configured by the employer, prevents* 
employees from visiting certain types of Web sites that 
could interfere with productivity, tie up Internet 

20 bandwidth or violate company policies. 

Some filtering software contains what the 
company calls its list of sites that are inappropriate for 
employees. Blocked sites are divided into categories so 
that companies can enable access to specific content 

25 categories according to the time of day. For example, an 
employer could permit access to entertainment sites during 
the lunch hour or after hours. 

To that end, software can be used to deny 
employees access to sites in such areas as astrology and 

30 mysticism, games, entertainment, travel, news, job 
searches, investment, hobbies and more. In other words, 
anything an employee might want to do that's not directly 
related to his job. 

Access levels can be defined on the basis of 

35 time of day or the day of the week. The employer could, 
for example, give users access to a wider range of web 
sites after 6 p.m. or on weekends. The employer could 
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also, define different levels of Internet access for 
different individuals or groups in the company. 

A human resource department, for example^ could 
have access to job search Web sites that might be off- 
5 limits to other employees. The chief executive could have 
unlimited access and still restrict what others can do. 

Filtering software is not without limitations. 
Much pf the software won't run on systems with a modem 
connection to the Internet. The filtering software 

10 requires a server-based mechanism such as a Microsoft or 
Netscape proxy server or a check point firewall. 

While the server-based mechanisms have the 
advantage of not requiring software to be installed on the 
client machine, they are incapable of monitoring the 

15 actual time spent by the user on any given web page. In 
addition, LAN server-based mechanisms have the 
disadvantage of imposing significant performance 
penalties, especially if the number of clients connected 
to it is large. This approach usually requires technical 

20 esqpertise since it is difficult to administer and 
configure . 

Filtering software does a good job of blocking 
out the offensive sites, but the software may 
inadvertently restrict information that the employee may 

25 need. For example, an employee researching breast cancer, 
or an HR director putting together a presentation on the 
topic of sexual harassment in the workplace may not be 
able to obtain the relevant information. Additionally, 
filtering software requires constant updating due to new 

30 web sites with offensive content going on-line daily. 

Also, a moderate amount of employee use of the 
Internet for personal business isn't necessarily 
coxmterproductive . Just as most employers tolerate a 
certain amount of personal phone calls at work, it may be 

35 perfectly acceptable for an employee to use a company PC 
to make personal travel arrangements, book a dinner 
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reseirvation, check a stock portfolio or read the newspaper 
during personal break time. 

Another software industry solution, client -based 
filters (e.g. Surf watch and CyberPatrol) that prevent 
5 users from accessing undesirable Web sites, do not 
adequately overcome the limitations of centralized 
filtering. Designed largely as parental control tools for 
individualized PCs, these programs are easily disabled by 
uninstalling (accidently or intentionally) the filter. 

10 For example, a Windows user can simply reinstall the 
Windows OS, replacing certain driver files of the filter. 
This disables the filter and provides the user with 
unrestricted access to the Internet. 

A solution has not yet been proposed to deal 

15 with the problems posed by Internet access in the 
corporate environment. There is a need for a simple 
system and methods providing companies the means to 
monitor the exchanges permissible between a local computer 
and an external network or WANs, including the Internet. 

20 

Disclosure of the Invention 

Perhaps the two aspects of Internet access most 
important to the productivity of an organization are 1) 
the ability to monitor the amount of time employees spend 

25 on the Internet and 2) the web sites employees visit while 
on the Internet. Although the Internet is an increasingly 
important business tool, it also poses a temptation for 
abuse. Employees may be tempted to pursue their own 
private interests while on the job. The Internet access 

30 monitoring system of the present invention addresses this 
problem by allowing an organization to monitor employee 
Internet access on a time- spent -per-page and total time- 
per-week basis . The actual monitoring can be done in a 
variety of ways, including monitoring the time and web 

35 site history of an employee actively interacting with the 
Internet, and/or monitoring the complete time and web site 
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history of particular groups of users accessing the 
Internet . 

' The present invention addresses the bandwidth 
concerns by limiting access to the Internet to certain 
5 times of the day and monitoring employees. When an 
employee knows that he is being monitored, he is much less 
likely to surf inappropriate material on the Internet. 

The present invention provides system and 
methods for client -based monitoring of Internet access, 

10 which operate in conjunction with an enforcement 
supervisor located on a remote web server. In accordance 
with the present invention, a central filter and 
centralized enforcement supervisor are not used. Instead, 
the present invention provides a client side mechanism for 

15 tracking Internet usage on a time-spent-per-web-page basis 
within a browser such as Microsoft Internet Explorer and 
transmitting this information to a remote web site (over 
the Internet or any other network) where authorized 
personnel can access the information over the Internet. 

20 The client -based monitoring module in a 

. preferred embodiment performs all the monitoring and 
logging work. Each time the user navigates to a new web 
page, the previous web page title, location (Universal 
Resource Locator or URL) , and time spent are then stored 

25 by the client component in memory on the client computer. 
The web page title and URL are obtained from system 
notifications from the browser to the client component. 
The client computer uploads the log containing the web 
page information to a web-based supervising module. 

30 The present invention provides guidelines that 

can include criteria such as total time a user can be 
connected to the Internet (e.g., per day, week, month or 
the like) , and the time a user can interactively use the 
. Internet (e.g., per day, week, month, or the like). These 

35 guidelines can be qualified by optionally specifying: to 
whom should a rule apply (list of users, list of work 
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groups, or all); time of day when the rule should be 
applied (for example from 9 a.m. to 5 p.m.). 

All the logged information is viewable by an 
administrator in either a summary format (total number of 
5 hours spent by each user) or in a detailed format (time 
per web page with details such as the web page tile, URL, 
and time) by visiting the web site and entering the 
Administrator authentication information. This function 
is the same as that of a history log except that a web- 
10 based format does not permit modification by the client 
machine . 

Brief Description of the Drawing 

Various advantages and features of the invention 
will be understood from the following detailed description 
15 taken in connection with the appended claims and the 
attached drawing figures in which: 

FIGURE 1 is a block diagram providing an 
overview of a Internet -based (client /server) system in 
which the present invention is embodied; 
20 FIGURE 2 is a block diagram providing an 

overview of a Internet -based (client/server) system in 
which the present invention may be embodied; 

FIGURE 3 is a block diagram illustrating a 
client-side monitor; 
25 FIGURE 4 is a block diagram illustrating a web- 

side supervisor server; 

FIGURE 5 is a flow chart illustrating a method 
of the present invention for handling a user session; 

FIGURE 6 is a flow chart illustrating a method 
30 of the present invention for handling the acquisition of 
the Internet monitoring system; and 

FIGURE 7 is a bit map screen shot illustrating 
a preferred user interface or wizard dialog for 
configuring first- time user registration. 
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Best Mode for Carrying out the Invention 

The present invention provides system and 
methods for client -based monitoring which operate in 
conjunction with a web-based enforcement supearvisor. In 
5 accordance with the present invention, a central filter 
and centralized enforcement supervisor are not used. 
Instead, the present invention provides a client side 
mechanism for tracking Internet usage on a time-spent-per- 
web-page basis within an Internet browser such as 

10 Microsoft Internet Explorer and transmitting this 
information to a remote web site (over the Internet or any 
other network) so that it is easily accessed by authorized 
personnel over the Internet. 

An Internet access monitoring system, 

15 constructed in accordance with the present invention, 
preferably supports the maintenance of a detailed log of 
Internet access, for enforcing the guidelines. An 
Internet access monitoring system, constructed in 
accordance with the present invention, preferably supports 

20 guidelines. The present invention provides guidelines 
that can include criteria such as total time a user can be 
connected to the Internet (e.g., per day, week, month or 
the like) / and the time a user can interactively use the 
Internet (e.g., per day, week, month, or the like). These 

25 guidelines can be qualified by optionally specifying: to 
whom should a rule apply (list of users, list of work 
groups, or all) , and time of day when the rule should be 
applied (for example from 9 a.m. to 5 p.m.). 

All the logged information is viewable by an 

30 administrator in either a summary format (total number of 
hours spent by each user) or in a detailed format (time 
per web page with details like the web page tile, URL, and 
time) by visiting the web site and entering the 
Administrator authentication information. This function 

35 is the same as that of a history log except that a web- 
based format does not permit modification by the client 
machine . 
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The present invention addresses the bandwidth 
concerns by limiting access to the Internet to certain 
times of the day and monitoring employees. When an 
employee knows that he is being monitored/ he is much less 
5 likely to surf inappropriate material on the Internet . 

The system hardware of the client-side Internet 
access monitoring module and server-based Internet access 
supervisor employed in a preferred embodiment, will now be 
described in further detail. 

10 Referring to FIGURE 1 and FIGURE 2, the 

invention is generally embodied on a computer system 10 
including one or more personal computer systems, such as 
a desk- top personal computer 12, Preferably the personal 
computer system is an IBM PC-compatible personal computer, 

15 available from a variety of vendors (including IBM of 
Armonk, NY and Compaq Computer Corporation of Houston, 
TX) , but the personal computer system 12 could be a 
wireless telephone with Internet capability or the like. 
In the alternative, with the growth of remote computerized 

20 appliances, the present invention is useful to control 
television viewing, computer game usage, cell phone usage 
and the like. 

Referring to FIGURE 1, the personal computer 
system 12 is connected to a wide area network 14 by a 

25 modem 16. In the preferred embodiment, the WAN is the 
Internet or World Wide Web. Preferably, the modem 16 
provides SDSL or ADSL service (e.g., available from 
Jump.net of Austin, TX) , but the modem could be a 
conventional 56K modem (e.g., available from U.S. 

30 Robotics), ISDN line or the like. 

Referring to FIGURE 2, in an alterative 
embodiment, the personal computer system 12 is coi^nected 
to the WAN 14 by a network interface card 18 and a local 
area network 20 which has a server 22 and a firewall 24. 

35 Referring to FIGURE l and FIGURE 2, the personal 

computer system 12 includes a client-side Internet access 
monitoring module 26 of the present invention. 
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The Internet allows access to a multitude of web 
servers 28 . Of particular interest is a supervisor web 
server 30 which includes a web- side Internet access 
monitoring supervisor module 32 of the present invention 
5 and a firewall 24. In an altexnative embodiment, the web- 
side Internet access monitoring supervisor module 32 is 
located on the server 22 . 

The web site Internet access monitoring 
supervisor module 32 and client-side Internet access 

.10 monitoring module or client module 26 prevent users from 
circumventing Internet monitoring, either accidentally or 
intentionally. It should be difficult/ for instance, for 
a user to circumvent Internet monitoring by connecting to 
the Internet through a dial-up connection (e.g., 

15 connecting to an ISP with a modem) . The monitoring system 
of the present invention is triggered by the Internet 
browser, not the Internet connection, making circumvention 
difficult. Similarly, it should be difficult for a user 
to circumvent access rules by installing, uninstalling or 

20 tampering with components of his own PC or the monitoring 
system. The minimum number and small size of client-side 
components of the present invention makes tampering 
difficult and software conflicts unlikely. Each personal 
computer system has one client-side module that is less 

25 than one megabyte in size. 

Construction and operation of the client -side 
Internet access monitoring module, including its 
interaction with server-based components employed in a 
preferred embodiment, will now be described in- further 

30 detail. 

A user session with respect to the client- side 
monitoring module will now be described in further detail . 
Referring to Figure 3, the personal computer system 12 
includes the client-side monitoring module 26, an 
35 operating system (OS) 34, and an Internet browser 36. The 
client -based monitoring module 26, which in a preferred 
embodiment performs all the monitoring and logging work. 



wo 02/01381 



PCT/USOl/19642 



-10- 

is responsible for intercepting universal resource link 
requests between an Internet browser and a network 
programming interface. 

The operating system has the network programming 
5 interface component 38 for communications between the 
Internet browser 36 and the WAN or Internet 14. 
Preferably, the operating system (OS) is Microsoft Windows 
95, 98, 2000, or NT (available from Microsoft Corporation 
of Redmond, Washington) , but the OS 34 could be Linux, 

10 Apple OS/9 or another operating system. Microsoft's 
Windows operating system has- a network programming 
interface component 38 known as Windows sockets for use by 
application software to communicate on the Internet. The 
Windows sockets is implemented in the Windows operating 

15 system as a dynamic link library named WSOCK32.DLL. A 
prior version for 16 -bit software is implemented in a file 
named WINSOCK.DLL. 

An Internet browser 36 which utilizes the 
network programming interface 38 for communicating on the 

20 Internet generally does not control the computer's 
connection to the Internet 14, but rather simply calls the 
Windows sockets to communicate over the Internet 14. 
Preferably, the Internet browser 36 is Internet Explorer 
(available from Microsoft Corporation of Redmond, 

25 Washington) , but the Internet browser could be some other 
browser such as Netscape Navigator. 

Internet Explorer allows certain of its function 
calls to the network programming interface 38 to be 
monitored by the software module, including the client - 

30 side module, with a hook interface 40. The hook interface 
40 is a function exported by the client-based software or 
other monitoring software module for monitoring requests 
from Internet Explorer to the network programming 
interfaces 38. In the computer software field, the term 

35 hook generally refers to the ability for one application 
to monitor or receive notification about function calls 
made by another application to yet a third application, a 
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system component, or an application programming interface. 
A hook interface is a mechanism by which an application 
registers to receive notification information from a hook. 

The client module 26 is programmed to intercept 
5 events from Internet Explorer browser 36 by following 
these steps: 

!• Registering itself in the Windows Registry to 
be loaded upon browser startup; 

2. Implementing the lObjectWithSite interface 
10 published by Microsoft; and 

3 . Implementing the lOb j ectWithSite : : SetSite ( ) 
method. This method allows the application to request a 
pointer to Internet Explorer's IWebBrowserEvents2 
Interface . This interface may be used to intercept events 

15 from Internet Explorer. 

The following Microsoft links have further 
technical details, which are incorporated herein by 
reference : 

http: //support .microsoft . com/support/kb/articles/Q179/2/ 
20 30. ASP; 

http : //msdn. microsoft . com/workshop/browser/webbrow- 
ser/reference/IFaces/DWebBrowserEvents2/DWebBrowserEvent 
s2.asp; and 

http : //support .microsoft . com/ support /kb/articles/Q17 9/2/ 
25 30. ASP. 

Alternatively, the open source version of the 
Netscape Navigator browser (e.g., available from 
www, mozilla.org) can be configured to allow certain of its 
function calls to the network programming interface 38 to 
30 be monitored by a software module, such as the client -side 
module 26, with the hook interface 40. 

Whenever the hook interface 40 hooks a URL 
request to the network programming interface 38, the hook 
interface determines that the Internet browser 36 is 
35 attempting to communicate over the Internet 14 . The hook 
interface 40 sends the URL request to the client-based 
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monitor and sends the URL request to the network 
programming interface 38. 

A user might attempt to circumvent the system by 
loading an authorized browser. This invention has the 
5 ability to perform a periodic search of the files on the 
personal computer system or client computer 12 to 
dete3rmine file names associated with other browsers. This 
is accomplished by comparing a compiled list of file names 
associated with unauthorized browsers. Violations are 
10 reported to a designated administrator via email. 

The client-based monitor contains a user 
authentication application 42., a timer 44, an user display 
application 46, and a temporary history log cache 48. The 
user authentication module 42 presents the user with a 
15 log- in prompt, accepts the user's name and password and 
forwards this information to the web-based server. 

The timer application 44 synchronizes its 
internal time to the server time. The current time is 
maintained by the client component 26 independently of the 
20 computer system time in order to prevent users from 
subverting the system by changing the time clock in the OS 
34. 

The timer application processes (i) the number 

of permitted minutes/week, (ii) the number of minutes 
25 already consumed this week, (iii) the monitored and 
restricted start and end times, and (iv) the current 
system time at the web-based server 30. 

Also, the timer application 44 processes the URL 
request's from the hook interface 40. The timer 
30 application 44 logs all the URL requests in the temporary 
history log cache 48 on a time-spent per page basis. By 
logging all the times that URL requests are made, the 
system can create a comprehensive representation of a 
user's Internet activities. 
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The timer 44 of the client module 26 is 
programmed to record time- spent -per-URL by following these 
steps : 

1 . Implementing the DwebBrowserEvents2 : 
5 : Navigate -Complete2 method to be notified each time a new 

URL is navigated to; 

2. Each time a new notification is received, 
the URL is stored in memory along with the current time at 
which it is received. The time spent on the previous URL 

10 is the difference between the current time and the time 
stored corresponding to the previous URL; and 

3 . The temporairy history log cache 48 will 
contain the sequence of URL, begin time and time spent 
records in memory on the client module 26. 

15 If the user exceeds permitted time during the 

monitored period, the client component 26 will notify the 
user and request that the user terminate the browser 36. 
If the user fails to terminate the browser 36, then a 
violation will be reported to the web server 30 and an 

20 email notification will be sent to a supervisor. 
Likewise, if the current time period changes from 
monitored to restricted, then the user is notified. 

The user display application 46 provides a 
periodically updated visual display to the user. This 

25 display includes the amount of authorized time a user has 
remaining on the Internet and the period of use 
(restricted/unrestricted) . The timer 44 considers the 
time the browser 3 6 is minimized to be inactive time. The 
client-based module 26 knows when the browser 36 is 

30 minimized by utilizing the following methodology: upon 
startup a reference (or handle) to the main browser window 
is obtained and stored in memory by the client module. At 
regular intervals this reference handle is queried for its 
current state (by using the "IsIconicO" OS API) in order 

35 to determine if the window has been minimized or not. In 
an alternative embodiment, the time-keeping function of 
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this invention allows for calender functions, including 
on-the-job timekeeping for remote employee users. 

The temporary log cache 48 stores the time 
stamped URL requests sent from the timer application. 
5 Also, the temporary log cache 48 stores the gateway web 
site. The gateway web site is the web site the user is 
directed to after authentication. The gateway web site 
can either be determined by the subscriber (employer) or 
through commercial arrangements with various companies 

10 interested in becoming a point of entry for users. This 
can be established by creating a brief user profile upon 
user registration. The user can then be introduced to a 
number of sites which are of particular interest to their 
profession or group. This entry point is similar to the 

15 home page concept, with the exception that it cannot be 
changed by the user. 

Referring to FIGURE 5, a user begins an Internet 
session by opening his Internet browser. The browser 
helper object model offered by Internet Explorer allows 
20 the client component to load up whenever the browser 
starts. At step 50, a user authentication module presents 
the user with a log- in prompt. The user is asked to enter 
his user name and password. 

At step 52, the Internet browser 36 
25 automatically connects to the supervisor web site 30. At 
step 54, the client component transmits the authentication 
information for verification to the web site using the 
same protocol used by the browser (i.e., .an HTTP or HTTPS 
POST operation) . The web site server 32 indicates success 
30 or failure. 

In the case of authentication failure, the user 
is permitted to either retry, exit the browser 36 or 
ignore the authentication in which case the client 
component 26 notifies the web site server 30 of the 
35 violation. .The web site server 30 saves this information 
in the database and may send out an e-mail to the 
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administrator . The present invention allows for continued 
Internet access even in the event of a server failure. 

In the case of authentication success case, the 
web server 30 returns the following information and 
5 guidelines: (i) number of permitted minutes/week; (ii) 
number of minutes already consumed this week; (iii) the 
monitored and restricted start and end times; and (iv) the 
current system time at the server. In the preferred 
embodiment, the server returns a gateway web site. 

10 The user display application of the client 

component notifies the user about the remaining time as 
well as the current period (Monitored, Restricted or 
Unrestricted) and then starts a visible timer on the 
client machine. This timer is used to track the time spent 

15 on every web page visited by the user. 

At step 56, the user is presented with a gateway 
web site. At step 58, a user Internet session begins. 
The user may go to any URL. Each time the user navigates 
to a new web page, the previous web page title, location 
20 (Universal Resource Locator or URL) , and time spent are 
then stored by the client component 26 in memory on the 
client computer. The web page title and URL are obtained 
from system notifications from the browser to the client 
component 26. 

25 Periodically, at step 60, the client monitoring 

module 26 reconnects to the server web site. Upon 
reaching preset limits (such as number of records, time 
elapsed, etc.) or on termination of the browser process, 
the client component 26 will transmit this cached 

30 information to the web site server 30. The latter will 
store this information in a database under the appropriate 
user's history log. 

At step 62, the user ends the Internet session 
by closing his web browser. At step 64, the client 

35 monitoring module 26 connects to the supervisor web site 
30. The supervisor web site authenticates the log-in 
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information and the client monitoring module 26 uploads 
the temporary history log cache. The user Internet 
session is completed. 

If the user exceeds his permitted time during 
5 the monitored period, then the client component 26 will 
notify the user and request that the browser 36 be 
terminated. If the user fails to do so, then the 
violation is reported as before. Likewise, if the current 
time period changes from Monitored to Restricted, then 

10 again the user is notified as before - 

The operation of the web-based supervisor module 
will not be described in detail. The system allows 
administrators and users to log-in to the web-based 
supervisor server and read reports on Internet usage. The 

15 reports of the supervisors are much more detailed. 
Referring to FIGURE 4, the web-based supervisor 30 
includes an administrative web pages application 68, a 
client communication interface 70, a permanent history log 
72, an authentication service and configuration 

20 information storage application 74, and an email 
notification service application 76. 

The administrative web pages application 68 
processes and presents all web-page requests which the 
server receives. The client communication interface 70 

25 receives and processes requests from the client -based 
module 70. 

The permanent history log records the 
information from the client-based temporary history cache 
48. This information is viewable by an administrator in 

30 either a summary format (total number of hours spent by 
each user) or in a detailed format (time per web page with 
details like the web page tile, URL, and time) by visiting 
the web site and entering the Administrator authentication 
information. This function is the same as that of a 

35 history log of Internet Explorer, Netscape Navigator, or 
Netscape Communicator except that a web-based format does 
not permit modification by the client machine. 
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The supervisor web site authenticates the log- in 
information and the client monitoring module uploads the 
temporary history log cache 48 to the server web site 30. 
The client communication interface accepts the temporary 
5 history log cache and sends it to a permanent history log 
72. 

Referring to FIGURE 6, a company representative 
acquires the Internet monitoring system. At step 74, the 
company representative visits the server web site and 

10 decides to register his company for the Internet 
monitoring system- At step IS, the company representative 
clicks on the first time user registration hyperlink. At 
step 78/ the company representative answers questions 
about his company. These questions include company name, 

15 address, and the like. Referring to Figure 7,- a First- 
Time User Registration interface is shown. 

Referring again to Figure 6, at step 80, the 
company representative decides how many licenses to 
purchase. At step 82, the company representative sets up 

20 the company hierarchy. In order to effectively manage 
Internet access, a system should support existing 
organizational structures. A department supervisor, for 
example, should be able to determine the needs of his 
subordinates within a safe overall framework. This is 

25 important for the overall success of Internet access 
within the organization as it allows supervisors to 
address any problems which arise early on (before they 
become serious personnel issues) . 

Accordingly, the Internet access monitoring 

30 system of the present invention supports a hierarchical 
structure where individual supervisors can monitor and set 
the access rules for their individual workgroups without 
affecting others in the organization. At the s^me time, a 
central authority (e.g., corporate IS department) still 

35 can establish general rules that cannot be overwritten on 
the workgroup level. 
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The company representative proceeds to configure 
groups of users. Each group may be assigned times during 
the day when users belonging to that group may be 
restricted from accessing the Internet and other times 
5 during which they may be permitted monitored access to the 
Internet. During a monitored period, all Internet access 
is logged and timed. Other times of the day are. 
considered to be unrestricted periods during which 
Internet access is not monitored. 
10 The company representative then proceeds to set 

up individual users belonging to these groups by inputting 
names, e-mail addresses and authentication information for 
each user. 

At step 84, the web site sends an e-mail to each 
15 new user with information about downloading and installing 
the client -side software component required for client- 
based monitoring. 

Industrial Applicability 

The following examples demonstrate typical 

20 applications of this system. Consider, for instance, 
employee Ralph who begins routinely accessing pornographic 
sites on the Internet during business hours. Ralph's 
activities are prohibited by company policy, and are 
taking up vital bandwidth. Using current technology, the 

25 company's IS department would likely not detect the 
activity for weeks, or even months, as the department's 
main focus is to keep the company's networks running 
smoothly, not to track individual activities. At the 
point when the activity is uncovered, Ralph might have 

30 already violated company policy to the point where his 
manager has no choice but to dismiss Ralph. If Ralph's 
Internet access activity is monitored locally by Ralph's 
supervisor, however, the supervisor can notice the 
prohibited activity almost immediately. After reminding 

35 Ralph of company policy, the supervisor can continue to 
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monitor Ralph's on-line activities and head off the need 
to terminate Ralph. 

As another example, consider Donna's company, a 
small company -that cannot afford an expensive server and 
5 the technical expertise to support the server. Donna 
wants to monitor her employees' Internet access, but can 
not afford a conventional Internet monitoring system 
requiring a LAN server and technical expertise. However, 
Donna can afford the Internet access monitoring system of 

10 the present invention since it does not require a local 
server or technical expertise. 

As another example, consider Tommy, an employee 
who normally has very little Internet access but needs to 
write a competitive analysis for a new product. To 

15 complete this task effectively. Tommy requires Internet 
access for performing required research. Conventionally, 
Tommy's supervisor would call the company's IS department 
to arrange the appropriate Internet access, a process 
requiring days or even weeks. However using the Internet 

20 access monitoring system of the present invention. Tommy 
accesses the Internet as required to finish his project 
and the Administrator does not act on the warning e-mail. 
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Claims 

1. In a system comprising a plurality of 
personal computers having Internet access, a method for 
monitoring the Internet access for a particular personal 

5 computer, the method comprising: 

providing at the particular personal 
computer a client-based monitor module; 

providing at a web server a web-based 
supervisor module, said supervisor module specifying 
10 guidelines which govern Internet access by the personal 
computer; 

sending guidelines from the supervisor 
module to the personal computer monitor module; 

at the client-based monitor module, logging 
15 a request for Internet access in a log, and logging any 
violations of the guidelines in the log; and, 

sending the log to the supervisor module 
where the following sub-steps are performed: 

(1) copying the log into a web-based log; 
20 (2) notifying a designated administrator 

of any violation. 

2. The method of claim 1, wherein the personal 
computer monitor module includes an Internet browser for 
processing requests for a particular Universal Resource 

25 Locator (URL) , including the step: 

hooking the Internet browser requests for 
a particular Universal Resource Locator. 

3. The method of claim 1, including the step: 
installing in the personal computer a 

30 client -based monitoring program which executes in response 
to the Internet browser requesting a \iniversal resource 
locator (URL) . 



wo 02/01381 



PCTAJSOl/19642 



-21- 

4. In a system comprising at least one 
personal computer having Internet access, a method for 
controlling the bandwidth usage on the Internet for the at 
least one personal computer, the method comprising: 

5 providing at each personal computer a 

client-based monitoring module; 

providing at a web server a web-based 
supervisor module, said supezvisor module including usage 
guidelines which govern Internet access by each personal 
10 conputer; 

sending usage guidelines from the 
supervisor module to the personal computer; 

at the client -based monitoring module, 
logging a request for Internet access in a log, and 
15 logging any violations of the guidelines in the log; and, 

sending the log to the supervisor module 
and copying the log into a web-based log. 

5. The method of claim 4, wherein the personal 
computer includes an Internet browser for processing 

20 requests for a particular Universal Resource Locator (URL) 
and including the step of: 

hooking the Internet browser requests for 
a Universal Resource Locator at the particular personal 
computer. 

25 6. The method of claim 4, the client -based 

monitoring process includes: 

installing at the particular personal 
computer a client -based monitoring program which executes 
any time the Internet browser requests a universal 

30 resource locator (URL) . 

7. In a system comprising a plurality of 
personal computers connected to a network and having 
Internet access, a method for monitoring the Internet 
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access for a particular personal computer, the method 
comprising: 

providing at the particular personal 
computer system a client -based monitor module; 
5 providing at a web server a web -based 

supervisor module, said supervisor module including a 
program specifying guidelines which govern Internet access 
by the personal computer; 

sending guidelines for supervisor module to 
10 the personal computer; 

at the client-based monitoring module, 
logging a request for Internet access in a log, and 
logging any violations of the guidelines in the log; and, 
sending the log to the supervisor module 
15 where the following sxib- steps are performed: 

(1) copying the log into a web -based log; 

(2) notifying a designated administrator 
of any violation. 

8, The method of claim 7, wherein the 
20 particular personal computer includes an Internet browser 

for processing requests for a particular Universal 
Resource Locator (URL) and including the step: 

providing at the particular personal 
computer system a process which hooks the Internet browser 
25 requests for a particular Universal Resource Locator. 

9. The method of claim 7, wherein said step of 
providing at the particular personal computer system 
client-based monitoring process includes: 

installing at the particular personal 
30 computer a client -based monitoring program which executes 
any time the Internet browser requests a universal 
resource locator (URL) . 
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10. The method of claim 1, wherein the personal 
computer system includes a server computer connected to 
the network. 

11. The method of claim 1, including at least 
5 one other personal computer system connected to the 

network. 

12 . In a system comprising a plurality of 
similar computer systems having Internet access, a method 
for monitoring Internet access for a particular personal 

10 computer, the method comprising: 

storing at a web-based supervisor computer 
a list of guidelines for Internet access; 

transmitting said list from the supervisor 
computer to the personal computer; 
■^^ at the personal computer, hooking a request 

for Internet access from an Internet browser; 

if the request for Internet access violates 
the guidelines, notifying the supervisor computer of the 
violation. 



20 13. In a system comprising a plurality of 

computers connected to a network and having Internet 
access, a method for monitoring Internet access for a 
particular personal computer, the method comprising: 

storing at a web-based supervisor computer 
25 a list of guidelines for Internet access; 

transmitting said list from the supervisor 
computer to the personal con^uter; 

at the personal computer, hooking a request 
for Internet access from an Internet browser; 

if the request for Internet access violates 
the guidelines, notifying the supervisor computer of the 
violation. 
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14. A computer system for regulating Internet 
access by users of personal computers comprising: 

a plurality of client computers which can 
connect to at least one open network, each client con^juter 
5 including a monitor module means; 

said monitoring module creating a database 
containing a history log of Internet access; 

a supervisor module provided at a computer 
which is in periodic communication with each client 
10 computer to be regulated, said supeirvisor module including 
a database containing a history log of Internet access; 
and, 

means for transferring the history log of 
Internet access from the personal computer system to the 
15 supervisor module over the open network. 

15. The system of claim 14, further comprising 
means for searching personal computer system for certain 
file names. 

16. In a system comprising a plurality of 
20 personal computers connected to a network and having 

Internet access, a method for monitoring the Internet 
access for a particular personal computer, the method 
comprising: 

providing at the particular personal 
25 computer a client-based monitor; 

providing at another computer on the 
network a supervisor, said supervisor specifying 
guidelines which govern Internet access by the personal 
computer, and a client hierarchy; 
30 sending guidelines from the supervisor to 

the personal computer; 

at the client -based monitor, logging a 
request for Internet access in a log, and logging any 
violations of the guidelines in the log; and. 
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sending the log to the supervisor where the 
following sub- steps are performed: 

(1) copying the log into a web-based log; 

(2) notifying one or more clients in the 
5 client hierarchy of any violation. 

17. The method of claim 16, wherein the 
particular personal computer includes an Internet browser 
for processing requests for a particular Universal 
Resource Locator (URL) and including the step: 

10 hooking the Internet browser requests for 

a particular Universal Resource Locator at the particular 
personal computer monitor. 

18. The method of claim 16, including the step: 
installing at the particular personal 

15 computer system a client -based monitoring program which 
executes in response to the Internet browser requesting a 
universal resource locator (URL) . 
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